diff --git a/.github/workflows/build-and-push-container.yml b/.github/workflows/build-and-push-container.yml deleted file mode 100644 index 96ada26..0000000 --- a/.github/workflows/build-and-push-container.yml +++ /dev/null @@ -1,179 +0,0 @@ -name: build -on: - workflow_dispatch: - inputs: - debug_enabled: - type: boolean - description: "Run the build with tmate debugging enabled" - merge_group: - pull_request: - push: - branches: - - "main" - -concurrency: - group: ${{ github.workflow }} - -jobs: - matrix: - name: "matrix" - runs-on: - - lab - outputs: - matrix: ${{ steps.matrix.outputs.matrix }} - steps: - - uses: actions/checkout@v4 - - uses: dtolnay/rust-toolchain@stable - - uses: cargo-bins/cargo-binstall@main - - name: install whyq - run: | - set -euxo pipefail - sudo apt-get update - sudo apt-get install --yes --no-install-recommends jq - cargo binstall --no-confirm whyq - - name: generate test matrix - id: matrix - run: | - set -euxo pipefail - yq \ - --compact-output \ - --raw-output \ - '"matrix=" + (.matrix | tostring)' builds.yml \ - | tee -a "${GITHUB_OUTPUT}" - - name: report build plan - run: | - cat >> "${GITHUB_STEP_SUMMARY}" < - - - ## Raw \`builds.yml\` file - - - - \`\`\`yml - $(< builds.yml) - \`\`\` - - - -
- - - ## Raw \`versions.nix\` file - - - - \`\`\`nix - $(< nix/versions.nix) - \`\`\` - -
- - EOF - - run: - name: run - needs: matrix - runs-on: - - lab - timeout-minutes: 300 - strategy: - max-parallel: 3 - matrix: ${{ fromJSON(needs.matrix.outputs.matrix) }} - steps: - - uses: actions/checkout@v4 - - name: install nix - uses: cachix/install-nix-action@v30 - - name: login to ghcr.io - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - uses: "dtolnay/rust-toolchain@stable" - - uses: "cargo-bins/cargo-binstall@main" - - run: | - cargo binstall --no-confirm just - - name: nix cache - uses: DeterminateSystems/magic-nix-cache-action@main - - name: confirm sources - run: ./scripts/confirm-sources.sh - - name: build + push - run: just --yes debug=true max_nix_builds=1 rust=${{matrix.toolchain.key}} push - - name: Install SBOM generator dependencies - run: | - for f in /tmp/dpdk-sys/builds/*; do - [ -h "$f" ] && rm "$f" - done - cargo binstall --no-confirm csview - sudo apt-get update - sudo apt-get install --yes --no-install-recommends graphviz - - name: Generate SBOM - run: ./scripts/sbom.sh - - name: step summary - continue-on-error: true # might fail due to $GITHUB_STEP_SUMMARY size limit of 1MB - run: | - echo "# Outdated packages:" >> "$GITHUB_STEP_SUMMARY" - echo "" >> "$GITHUB_STEP_SUMMARY" - cat /tmp/dpdk-sys/builds/env.sysroot.gnu64.outdated.md >> $GITHUB_STEP_SUMMARY - - echo "" >> "$GITHUB_STEP_SUMMARY" - echo "# Vuln scan (gnu64):" >> "$GITHUB_STEP_SUMMARY" - echo "" >> "$GITHUB_STEP_SUMMARY" - cat /tmp/dpdk-sys/builds/env.sysroot.gnu64.vulns.triage.md >> $GITHUB_STEP_SUMMARY - - echo "" >> "$GITHUB_STEP_SUMMARY" - echo "# Runtime SBOM (gnu64):" >> "$GITHUB_STEP_SUMMARY" - echo "" >> "$GITHUB_STEP_SUMMARY" - cat /tmp/dpdk-sys/builds/env.sysroot.gnu64.sbom.md >> $GITHUB_STEP_SUMMARY - - echo "" >> "$GITHUB_STEP_SUMMARY" - - name: remove links from /tmp/dpdk-sys/builds - run: | - for f in /tmp/dpdk-sys/builds/*; do - [ -h "$f" ] && rm "$f" - done - - uses: 
actions/upload-artifact@v4 - with: - name: builds-${{ matrix.toolchain.key }} - path: /tmp/dpdk-sys/builds - - name: Setup tmate session for debug - if: ${{ failure() && github.event_name == 'workflow_dispatch' && inputs.debug_enabled }} - uses: mxschmitt/action-tmate@v3 - timeout-minutes: 60 - with: - limit-access-to-actor: true - - summary: - name: summary - if: ${{ always() }} - runs-on: - - lab - needs: - - run - steps: - - name: Flag any build matrix failures - if: ${{ needs.run.result != 'success' }} - run: exit 1 diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..d7afdfe --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,274 @@ +name: "build.yml" +on: + workflow_dispatch: + inputs: + debug_enabled: + type: "boolean" + description: "Run the build with tmate debugging enabled" + merge_group: + pull_request: + push: + branches: + - "main" + +#concurrency: +# group: "${{ github.workflow }}" +# cancel-in-progress: true + +jobs: + matrix: + permissions: + issues: "write" + pull-requests: "write" + packages: "write" + contents: "write" + id-token: "write" + name: "matrix" + runs-on: + - "lab" + outputs: + matrix: "${{ steps.matrix.outputs.matrix }}" + steps: + - uses: "actions/checkout@v4" + - uses: "dtolnay/rust-toolchain@stable" + - uses: "cargo-bins/cargo-binstall@main" + - name: "install whyq" + run: | + set -euxo pipefail + sudo apt-get update + sudo apt-get install --yes --no-install-recommends jq + cargo binstall --no-confirm whyq + - name: "generate test matrix" + id: "matrix" + run: | + set -euxo pipefail + yq \ + --compact-output \ + --raw-output \ + '"matrix=" + (.matrix | tostring)' builds.yml \ + | tee -a "${GITHUB_OUTPUT}" + - name: "report build plan" + run: | + cat >> "${GITHUB_STEP_SUMMARY}" < + + + ## Raw \`builds.yml\` file + + + + \`\`\`yml + $(< builds.yml) + \`\`\` + + + +
+ + + ## Raw \`versions.nix\` file + + + + \`\`\`nix + $(< nix/versions.nix) + \`\`\` + +
+ + EOF + + run: + name: "run" + needs: + - matrix + runs-on: + - "lab" + timeout-minutes: 300 + strategy: + max-parallel: 3 + matrix: ${{ fromJSON(needs.matrix.outputs.matrix) }} + permissions: + issues: "write" + pull-requests: "write" + packages: "write" + contents: "write" + id-token: "write" + steps: + - uses: "actions/checkout@v4" + - name: "install nix" + uses: "cachix/install-nix-action@v30" + - name: "login to ghcr.io" + uses: "docker/login-action@v3" + with: + registry: "ghcr.io" + username: "${{ github.actor }}" + password: "${{ secrets.GITHUB_TOKEN }}" + - uses: "dtolnay/rust-toolchain@stable" + - uses: "cargo-bins/cargo-binstall@main" + - run: | + cargo binstall --no-confirm just + - name: "nix cache" + uses: "DeterminateSystems/magic-nix-cache-action@main" + - name: "confirm sources" + run: | + ./scripts/confirm-sources.sh + - name: "build + push" + run: | + just --yes debug=true max_nix_builds=1 rust=${{matrix.toolchain.key}} push + - name: "Install SBOM generator dependencies" + run: | + for f in /tmp/dpdk-sys/builds/*; do + [ -h "$f" ] && rm "$f" + done + cargo binstall --no-confirm csview + sudo apt-get update + sudo apt-get install --yes --no-install-recommends graphviz + - name: "Generate SBOM" + run: | + ./scripts/sbom.sh + - name: "SBOM upload" + # if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} + uses: "advanced-security/spdx-dependency-submission-action@v0.1.1" + with: + filePattern: '/tmp/dpdk-sys/builds/*.spdx.json' + - name: "step summary" + continue-on-error: true # might fail due to $GITHUB_STEP_SUMMARY size limit of 1MB + run: | + { + echo "# Outdated packages (gnu64):"; + echo ""; + cat /tmp/dpdk-sys/builds/env.sysroot.gnu64.outdated.md; + echo ""; + echo "# Outdated packages (musl64):"; + echo ""; + cat /tmp/dpdk-sys/builds/env.sysroot.musl64.outdated.md; + echo ""; + echo "# Vuln scan (gnu64):"; + echo ""; + cat /tmp/dpdk-sys/builds/env.sysroot.gnu64.vulns.triage.md; + echo ""; + echo "# Vuln scan 
(musl64):"; + echo ""; + cat /tmp/dpdk-sys/builds/env.sysroot.musl64.vulns.triage.md; + echo ""; + } >> $GITHUB_STEP_SUMMARY + - name: "remove links from /tmp/dpdk-sys/builds" + run: | + for f in /tmp/dpdk-sys/builds/*; do + [ -h "$f" ] && rm "$f" + done + - uses: "actions/upload-artifact@v4" + with: + name: "builds-${{ matrix.toolchain.key }}" + path: "/tmp/dpdk-sys/builds" + - name: "Setup tmate session for debug" + if: ${{ failure() && github.event_name == 'workflow_dispatch' && inputs.debug_enabled }} + uses: "mxschmitt/action-tmate@v3" + timeout-minutes: 60 + with: + limit-access-to-actor: true + + - name: "outdated packages (gnu64)" + uses: "actions/github-script@v7" + if: ${{ github.event_name == 'pull_request' }} + continue-on-error: true + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + script: | + let fs = require('fs'); + let body = "# Outdated packages (gnu64):\n"; + body += fs.readFileSync('/tmp/dpdk-sys/builds/env.sysroot.gnu64.outdated.md'); + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: body + }); + + - name: "outdated packages (musl64)" + uses: "actions/github-script@v7" + if: ${{ github.event_name == 'pull_request' }} + continue-on-error: true + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + script: | + let fs = require('fs'); + let body = "# Outdated packages (musl64):\n"; + body += fs.readFileSync('/tmp/dpdk-sys/builds/env.sysroot.musl64.outdated.md'); + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: body + }); + + - name: "Vulnerable packages (gnu64)" + uses: "actions/github-script@v7" + if: ${{ github.event_name == 'pull_request' }} + continue-on-error: true + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + script: | + let fs = require('fs'); + let body = "# Vulnerable packages (gnu64):\n"; + body += 
fs.readFileSync('/tmp/dpdk-sys/builds/env.sysroot.gnu64.vulns.triage.md'); + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: body + }); + + - name: "Vulnerable packages (musl64)" + uses: "actions/github-script@v7" + if: ${{ github.event_name == 'pull_request' }} + continue-on-error: true + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + script: | + let fs = require('fs'); + let body = "# Vulnerable packages (musl64):\n"; + body += fs.readFileSync('/tmp/dpdk-sys/builds/env.sysroot.musl64.vulns.triage.md'); + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: body + }); + + summary: + name: "summary" + if: ${{ always() }} + runs-on: + - "lab" + needs: + - run + steps: + - name: "Flag any build matrix failures" + if: ${{ needs.run.result != 'success' }} + run: | + >&2 echo "A critical step failed!" + exit 1 diff --git a/.github/workflows/bump.yml b/.github/workflows/bump.yml index 96670a4..fdc188a 100644 --- a/.github/workflows/bump.yml +++ b/.github/workflows/bump.yml @@ -11,7 +11,7 @@ name: "bump" on: workflow_dispatch: inputs: - branch: + dpdk_sys_branch: type: "string" default: "main" description: "which branch to bump" @@ -22,6 +22,9 @@ on: branches: - "main" +env: + dpdk_sys_branch: ${{ github.event.inputs.dpdk_sys_branch || 'main' }} + permissions: contents: "write" pull-requests: "write" 
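Review bot: In the new `.github/workflows/build.yml` the `matrix` job is granted `issues`, `pull-requests`, `packages`, `contents` and `id-token` write scopes, but its visible steps only check out the repo, install `yq` and emit the matrix, so it could be reduced to `permissions:` with `contents: "read"`. The `run` job holds the same write scopes on `pull_request` events while executing `cargo-bins/cargo-binstall@main` and `DeterminateSystems/magic-nix-cache-action@main`, which are mutable branch refs; pinning these and the other `uses:` entries to full commit SHAs keeps a moved ref from running with that token. The "build + push" step expands `${{matrix.toolchain.key}}` directly into the script text, and the value comes from `builds.yml` in the checked-out tree; passing it through an `env:` entry (for example `RUST_KEY`) and writing `rust="${RUST_KEY}"` keeps it as data. The `if:` on "SBOM upload" is commented out, so dependency snapshots are submitted for every trigger, pull requests included, which is worth confirming as intended.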
@@ -34,18 +37,21 @@ jobs:
 - name: "Checkout"
 uses: "actions/checkout@v4"
 with:
- ref: "${{ github.event.inputs.branch || 'main' }}"
+ ref: "${{ env.dpdk_sys_branch }}"
 - uses: "dtolnay/rust-toolchain@stable"
 - uses: "cargo-bins/cargo-binstall@main"
- - run: "cargo binstall --no-confirm just"
+ - run: |
+ cargo binstall --no-confirm just
 - name: "install nix"
 uses: "cachix/install-nix-action@v30"
- - run: "./scripts/update-version-pinning.sh"
+ - name: "bump"
+ run: |
+ just dpdk_sys_branch="${{ env.dpdk_sys_branch }}" bump
 - name: "Create Pull Request"
 uses: "peter-evans/create-pull-request@v7"
 with:
- branch: "bump/${{ github.event.inputs.branch || 'main' }}"
- title: "bump/${{ github.event.inputs.branch || 'main' }}"
+ branch: "bump/${{ env.dpdk_sys_branch }}"
+ title: "bump/${{ env.dpdk_sys_branch }}"
 labels: |
 automated
 dependencies
diff --git a/builds.template.yml b/builds.template.yml
index 7988933..c6cfbed 100644
--- a/builds.template.yml
+++ b/builds.template.yml
@@ -31,12 +31,12 @@ matrix:
 - "x86_64-unknown-linux-gnu"
 - "x86_64-unknown-linux-musl"
 just: *just_version
- # - # pinned nightly
- # <<: *default
- # key: "nightly"
- # llvm: *llvm_nightly
- # rust:
- # channel: "nightly"
- # version: *nightly_pin
+ - # pinned nightly
+ <<: *default
+ key: "nightly"
+ llvm: *llvm_nightly
+ rust:
+ channel: "nightly"
+ version: *nightly_pin
 nixpkgs:
 - *nixpkgs_unstable
diff --git a/builds.yml b/builds.yml
index 744af1f..a7b3e5c 100644
--- a/builds.yml
+++ b/builds.yml
@@ -31,12 +31,12 @@ matrix:
 - "x86_64-unknown-linux-gnu"
 - "x86_64-unknown-linux-musl"
 just: *just_version
- # - # pinned nightly
- # <<: *default
- # key: "nightly"
- # llvm: *llvm_nightly
- # rust:
- # channel: "nightly"
- # version: *nightly_pin
+ - # pinned nightly
+ <<: *default
+ key: "nightly"
+ llvm: *llvm_nightly
+ rust:
+ channel: "nightly"
+ version: *nightly_pin
 nixpkgs:
 - *nixpkgs_unstable
diff --git a/justfile b/justfile
index fdf738c..ce08659 100644
--- a/justfile
+++ b/justfile
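Review bot: The new "bump" step in `.github/workflows/bump.yml` writes `${{ env.dpdk_sys_branch }}` into the `run:` script text, so the `workflow_dispatch` input is expanded before bash parses the line and any quoting or substitution characters in it become shell syntax, in a workflow that holds `contents: "write"` and `pull-requests: "write"`. The workflow-level `env:` block added by this commit already exports the value to every step, so the script can read it as a shell variable instead: `just dpdk_sys_branch="${dpdk_sys_branch}" bump`. The `env:` value is also written unquoted while the neighbouring values are quoted; `dpdk_sys_branch: "${{ github.event.inputs.dpdk_sys_branch || 'main' }}"` would match them. The job body starts outside this hunk.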
@@ -1,30 +1,32 @@ -set unstable +set unstable := true set shell := ["bash", "-euo", "pipefail", "-c"] set script-interpreter := ["bash", "-euo", "pipefail"] # Turn on debug_mode if you want to `set -x` all the just [script] recipes + debug := "false" # The version of the rust compiler to include. # These versions are pinned by the `./nix/versions.nix` -# file (which is managed by `./scripts/update-version-pinning.sh`) +# file (which is managed by `./scripts/bump.sh`) + rust := "stable" container_repo := "ghcr.io/githedgehog/dpdk-sys" # This is the maximum number of builds nix will start at a time. # You can jump this up to 8 or 16 if you have a really powerful machine. # Be careful tho, LLVM is a memory hog of a build. + max_nix_builds := "1" # This is the path to the versions.nix file that contains the nixpkgs version information # It is a safe bet that the current ./nix/versions.nix file is what you want unless you are # trying to jump back in time to a previous version of nixpkgs or something. + versions := "./nix/versions.nix" # semi private (override if you really need to) - # Setting this to "false" will disable pulling derivations from the nix cache. - # If you turn this to "false" with an empty /nix/store, then you will have to rebuild # _everything_. # The rebuild will be massive! @@ -33,11 +35,12 @@ versions := "./nix/versions.nix" # # NOTE: if you already have packages cached they will still be used. # You would need to clear out /nix/store to truly force a rebuild of everything. + nix_substitute := "true" # private fields (do not override) - # The git tree state (clean or dirty) + _clean := ``` set -euo pipefail ( 
@@ -46,126 +49,134 @@ _clean := ``` echo clean \ ) || echo dirty ``` + # The git commit hash of the last commit to HEAD + _commit := `git rev-parse HEAD` + # The git branch we are currnetly on + _branch := `git rev-parse --abbrev-ref HEAD | sed 's/[^a-zA-Z0-9]/-/g'` + # The slug is the branch name (sanitized) with a marker if the tree is dirty + _slug := (if _clean == "clean" { "" } else { "dirty-_-" }) + _branch # The name of the dev-env container + _dev_env_container_name := container_repo + "/dev-env" + # The name of the doc-env container + _doc_env_container_name := container_repo + "/doc-env" + # The name of the compile-env container + _compile_env_container_name := container_repo + "/compile-env" # This is a unique identifier for the build. # We temporarily tag our containers with this id so that we can be certain that we are # not retagging or pushing some other container. + _build-id := uuid() _just_debug_ := if debug == "true" { "set -x" } else { "" } _build_time := datetime_utc("%+") # Compute the default number of jobs to use as a guess to try and keep the build within the memory limits # of the system + cores := `./scripts/estimate-jobs.sh` [private] @default: - just --list --justfile {{justfile()}} + just --list --justfile {{ justfile() }} # Install the nix package manager (in single user mode) [script] install-nix: - {{_just_debug_}} - sh <(curl -L https://nixos.org/nix/install) --no-daemon + {{ _just_debug_ }} + sh <(curl -L https://nixos.org/nix/install) --no-daemon [private] [script] _nix_build attribute: - {{_just_debug_}} - mkdir -p /tmp/dpdk-sys/builds - nix build \ - --option substitute "{{nix_substitute}}" \ - --keep-failed \ - --print-build-logs \ - --show-trace \ - -f default.nix \ - "{{attribute}}" \ - --out-link "/tmp/dpdk-sys/builds/{{attribute}}" \ - --argstr container-repo "{{container_repo}}" \ - --argstr image-tag "{{_build-id}}" \ - --argstr rust-channel "{{rust}}" \ - "-j{{max_nix_builds}}" \ - `if [ "{{cores}}" != "all" ]; then 
echo --cores "{{cores}}"; fi` + {{ _just_debug_ }} + mkdir -p /tmp/dpdk-sys/builds + nix build \ + --option substitute "{{ nix_substitute }}" \ + --keep-failed \ + --print-build-logs \ + --show-trace \ + -f default.nix \ + "{{ attribute }}" \ + --out-link "/tmp/dpdk-sys/builds/{{ attribute }}" \ + --argstr container-repo "{{ container_repo }}" \ + --argstr image-tag "{{ _build-id }}" \ + --argstr rust-channel "{{ rust }}" \ + "-j{{ max_nix_builds }}" \ + `if [ "{{ cores }}" != "all" ]; then echo --cores "{{ cores }}"; fi` # Build only the sysroot [script] -build-sysroot: \ - (_nix_build "env.sysroot.gnu64.debug") \ - (_nix_build "env.sysroot.gnu64.release") \ - (_nix_build "env.sysroot.musl64.debug") \ - (_nix_build "env.sysroot.musl64.release") \ - (_nix_build "sysroot") - {{_just_debug_}} +build-sysroot: (_nix_build "env.sysroot.gnu64.debug") (_nix_build "env.sysroot.gnu64.release") (_nix_build "env.sysroot.musl64.debug") (_nix_build "env.sysroot.musl64.release") (_nix_build "sysroot") + {{ _just_debug_ }} # Builds and post processes a container from the nix build [private] [script] _build-container target container-name: (_nix_build ("container." 
+ target)) - {{_just_debug_}} - declare build_date - build_date="$(date --utc --iso-8601=date --date="{{_build_time}}")" - declare -r build_date - docker load --input /tmp/dpdk-sys/builds/container.{{target}} - docker tag \ - "{{container-name}}:{{_build-id}}" \ - "{{container-name}}:{{_slug}}-rust-{{rust}}" - docker tag \ - "{{container-name}}:{{_build-id}}" \ - "{{container-name}}:{{_commit}}-rust-{{rust}}" - docker build \ - --label "git.commit={{_commit}}" \ - --label "git.branch={{_branch}}" \ - --label "git.tree-state={{_clean}}" \ - --label "build.date=${build_date}" \ - --label "build.timestamp={{_build_time}}" \ - --label "rust={{rust}}" \ - --label "rust.version=$(nix eval --raw -f '{{versions}}' 'rust.{{rust}}.version')" \ - --label "rust.channel=$(nix eval --raw -f '{{versions}}' 'rust.{{rust}}.channel')" \ - --label "rust.profile=$(nix eval --raw -f '{{versions}}' 'rust.{{rust}}.profile')" \ - --label "rust.targets=$(nix eval --json -f '{{versions}}' 'rust.{{rust}}.targets')" \ - --label "llvm.version=$(nix eval --raw -f '{{versions}}' 'rust.{{rust}}.llvm')" \ - --label "nixpkgs.git.commit=$(nix eval --raw -f '{{versions}}' 'nixpkgs.commit')" \ - --label "nixpkgs.git.branch=$(nix eval --raw -f '{{versions}}' 'nixpkgs.branch')" \ - --label "nixpkgs.git.commit_date=$(nix eval --raw -f '{{versions}}' 'nixpkgs.commit_date')" \ - --label "nixpkgs.git.source_url=$(nix eval --raw -f '{{versions}}' 'nixpkgs.source_url')" \ - --label "nixpkgs.hash.nix32.packed.sha256=$(nix eval --raw -f '{{versions}}' 'nixpkgs.hash.nix32.packed.sha256')" \ - --label "nixpkgs.hash.nix32.packed.sha512=$(nix eval --raw -f '{{versions}}' 'nixpkgs.hash.nix32.packed.sha512')" \ - --label "nixpkgs.hash.nix32.unpacked.sha256=$(nix eval --raw -f '{{versions}}' 'nixpkgs.hash.nix32.unpacked.sha256')" \ - --label "nixpkgs.hash.tar.sha256=$(nix eval --raw -f '{{versions}}' 'nixpkgs.hash.tar.sha256')" \ - --label "nixpkgs.hash.tar.sha384=$(nix eval --raw -f '{{versions}}' 
'nixpkgs.hash.tar.sha384')" \ - --label "nixpkgs.hash.tar.sha512=$(nix eval --raw -f '{{versions}}' 'nixpkgs.hash.tar.sha512')" \ - --label "nixpkgs.hash.tar.sha3_256=$(nix eval --raw -f '{{versions}}' 'nixpkgs.hash.tar.sha3_256')" \ - --label "nixpkgs.hash.tar.sha3_384=$(nix eval --raw -f '{{versions}}' 'nixpkgs.hash.tar.sha3_384')" \ - --label "nixpkgs.hash.tar.sha3_512=$(nix eval --raw -f '{{versions}}' 'nixpkgs.hash.tar.sha3_512')" \ - --label "nixpkgs.hash.tar.blake2b512=$(nix eval --raw -f '{{versions}}' 'nixpkgs.hash.tar.blake2b512')" \ - --label "nixpkgs.hash.tar.blake2s256=$(nix eval --raw -f '{{versions}}' 'nixpkgs.hash.tar.blake2s256')" \ - --label "versions.json=$(nix eval --json -f '{{versions}}')" \ - --build-arg TAG="{{_build-id}}" \ - --tag "{{container-name}}:post-{{_build-id}}" \ - --target "{{target}}" \ - -f Dockerfile \ - . - docker tag \ - "{{container-name}}:post-{{_build-id}}" \ - "{{container-name}}:{{_slug}}-rust-{{rust}}" - docker tag \ - "{{container-name}}:post-{{_build-id}}" \ - "{{container-name}}:{{_commit}}-rust-{{rust}}" - docker rmi "{{container-name}}:{{_build-id}}" - docker rmi "{{container-name}}:post-{{_build-id}}" + {{ _just_debug_ }} + declare build_date + build_date="$(date --utc --iso-8601=date --date="{{ _build_time }}")" + declare -r build_date + docker load --input /tmp/dpdk-sys/builds/container.{{ target }} + docker tag \ + "{{ container-name }}:{{ _build-id }}" \ + "{{ container-name }}:{{ _slug }}-rust-{{ rust }}" + docker tag \ + "{{ container-name }}:{{ _build-id }}" \ + "{{ container-name }}:{{ _commit }}-rust-{{ rust }}" + docker build \ + --label "git.commit={{ _commit }}" \ + --label "git.branch={{ _branch }}" \ + --label "git.tree-state={{ _clean }}" \ + --label "build.date=${build_date}" \ + --label "build.timestamp={{ _build_time }}" \ + --label "rust={{ rust }}" \ + --label "rust.version=$(nix eval --raw -f '{{ versions }}' 'rust.{{ rust }}.version')" \ + --label "rust.channel=$(nix eval --raw -f '{{ 
versions }}' 'rust.{{ rust }}.channel')" \ + --label "rust.profile=$(nix eval --raw -f '{{ versions }}' 'rust.{{ rust }}.profile')" \ + --label "rust.targets=$(nix eval --json -f '{{ versions }}' 'rust.{{ rust }}.targets')" \ + --label "llvm.version=$(nix eval --raw -f '{{ versions }}' 'rust.{{ rust }}.llvm')" \ + --label "nixpkgs.git.commit=$(nix eval --raw -f '{{ versions }}' 'nixpkgs.commit')" \ + --label "nixpkgs.git.branch=$(nix eval --raw -f '{{ versions }}' 'nixpkgs.branch')" \ + --label "nixpkgs.git.commit_date=$(nix eval --raw -f '{{ versions }}' 'nixpkgs.commit_date')" \ + --label "nixpkgs.git.source_url=$(nix eval --raw -f '{{ versions }}' 'nixpkgs.source_url')" \ + --label "nixpkgs.hash.nix32.packed.sha256=$(nix eval --raw -f '{{ versions }}' 'nixpkgs.hash.nix32.packed.sha256')" \ + --label "nixpkgs.hash.nix32.packed.sha512=$(nix eval --raw -f '{{ versions }}' 'nixpkgs.hash.nix32.packed.sha512')" \ + --label "nixpkgs.hash.nix32.unpacked.sha256=$(nix eval --raw -f '{{ versions }}' 'nixpkgs.hash.nix32.unpacked.sha256')" \ + --label "nixpkgs.hash.tar.sha256=$(nix eval --raw -f '{{ versions }}' 'nixpkgs.hash.tar.sha256')" \ + --label "nixpkgs.hash.tar.sha384=$(nix eval --raw -f '{{ versions }}' 'nixpkgs.hash.tar.sha384')" \ + --label "nixpkgs.hash.tar.sha512=$(nix eval --raw -f '{{ versions }}' 'nixpkgs.hash.tar.sha512')" \ + --label "nixpkgs.hash.tar.sha3_256=$(nix eval --raw -f '{{ versions }}' 'nixpkgs.hash.tar.sha3_256')" \ + --label "nixpkgs.hash.tar.sha3_384=$(nix eval --raw -f '{{ versions }}' 'nixpkgs.hash.tar.sha3_384')" \ + --label "nixpkgs.hash.tar.sha3_512=$(nix eval --raw -f '{{ versions }}' 'nixpkgs.hash.tar.sha3_512')" \ + --label "nixpkgs.hash.tar.blake2b512=$(nix eval --raw -f '{{ versions }}' 'nixpkgs.hash.tar.blake2b512')" \ + --label "nixpkgs.hash.tar.blake2s256=$(nix eval --raw -f '{{ versions }}' 'nixpkgs.hash.tar.blake2s256')" \ + --label "versions.json=$(nix eval --json -f '{{ versions }}')" \ + --build-arg TAG="{{ _build-id }}" \ + 
--tag "{{ container-name }}:post-{{ _build-id }}" \ + --target "{{ target }}" \ + -f Dockerfile \ + . + docker tag \ + "{{ container-name }}:post-{{ _build-id }}" \ + "{{ container-name }}:{{ _slug }}-rust-{{ rust }}" + docker tag \ + "{{ container-name }}:post-{{ _build-id }}" \ + "{{ container-name }}:{{ _commit }}-rust-{{ rust }}" + docker rmi "{{ container-name }}:{{ _build-id }}" + docker rmi "{{ container-name }}:post-{{ _build-id }}" # Build and tag the dev-env container build-dev-env-container: (_build-container "dev-env" _dev_env_container_name) 
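Review bot: The `install-nix` recipe, re-indented in this hunk, still runs `sh <(curl -L https://nixos.org/nix/install) --no-daemon`, which executes whatever the floating URL serves at that moment: without `-f` an HTTP error body is handed to `sh`, and because curl runs inside a process substitution its exit status never reaches the `-euo pipefail` shell. Downloading a versioned installer to a temporary file, checking it against a pinned digest and only then running it closes both gaps; the URL and digest below are placeholders to be filled from the release being pinned. Separately, the comment `# The git branch we are currnetly on` in the same hunk should read `currently`.

```just
# Install the nix package manager (in single user mode)
[script]
install-nix:
    {{ _just_debug_ }}
    declare installer
    installer="$(mktemp)"
    trap 'rm -f "${installer}"' EXIT
    # <PINNED_INSTALLER_URL> and <PINNED_SHA256> are placeholders for a versioned installer and its digest
    curl --proto '=https' --tlsv1.2 -fsSL --output "${installer}" "<PINNED_INSTALLER_URL>"
    echo "<PINNED_SHA256>  ${installer}" | sha256sum --check --quiet
    sh "${installer}" --no-daemon
# … unchanged: _nix_build and the recipes that follow …
```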
@@ -182,29 +193,34 @@ build: build-sysroot build-compile-env-container build-dev-env-container build-d # Push the compile-env and dev-env containers to the container registry [script] push: build - {{_just_debug_}} - docker push "{{_compile_env_container_name}}:{{_slug}}-rust-{{rust}}" - docker push "{{_compile_env_container_name}}:{{_commit}}-rust-{{rust}}" - docker push "{{_dev_env_container_name}}:{{_slug}}-rust-{{rust}}" - docker push "{{_dev_env_container_name}}:{{_commit}}-rust-{{rust}}" - docker push "{{_doc_env_container_name}}:{{_slug}}-rust-{{rust}}" - docker push "{{_doc_env_container_name}}:{{_commit}}-rust-{{rust}}" + {{ _just_debug_ }} + docker push "{{ _compile_env_container_name }}:{{ _slug }}-rust-{{ rust }}" + docker push "{{ _compile_env_container_name }}:{{ _commit }}-rust-{{ rust }}" + docker push "{{ _dev_env_container_name }}:{{ _slug }}-rust-{{ rust }}" + docker push "{{ _dev_env_container_name }}:{{ _commit }}-rust-{{ rust }}" + docker push "{{ _doc_env_container_name }}:{{ _slug }}-rust-{{ rust }}" + docker push "{{ _doc_env_container_name }}:{{ _commit }}-rust-{{ rust }}" # Delete all the old generations of the nix store and run the garbage collector [script] nix-garbage-collector: - {{_just_debug_}} - nix-env --delete-generations old - nix-store --gc + {{ _just_debug_ }} + nix-env --delete-generations old + nix-store --gc # Generate the test matrix [script] generate-todo-list param=".": - {{_just_debug_}} - yq -r -c '[ - {{param}} as $matrix | - $matrix | keys as $factors | - [range(0; $factors | length)] as $itr | - $factors | map($matrix[.]) | combinations as $combinations | - $itr | map({($factors[.]): $combinations[.]}) | add - ]' ./builds.yml + {{ _just_debug_ }} + yq -r -c '[ + {{ param }} as $matrix | + $matrix | keys as $factors | + [range(0; $factors | length)] as $itr | + $factors | map($matrix[.]) | combinations as $combinations | + $itr | map({($factors[.]): $combinations[.]}) | add + ]' ./builds.yml + +[script] +bump 
dpdk_sys_branch="main": + {{ _just_debug_ }} + ./scripts/bump.sh {{dpdk_sys_branch}} diff --git a/nix/flags.nix b/nix/flags.nix index 7aeee16..4ca9430 100644 --- a/nix/flags.nix +++ b/nix/flags.nix @@ -1,6 +1,6 @@ { release = rec { - CFLAGS="-O3 -ggdb3 -march=x86-64-v4 -mtune=znver4 -flto=thin -Werror=odr -Werror=strict-aliasing -fstack-protector-strong -Qunused-arguments"; + CFLAGS="-O3 -ggdb3 -march=znver4 -mtune=znver5 -flto=thin -Werror=odr -Werror=strict-aliasing -fstack-protector-strong -Qunused-arguments"; CXXFLAGS=CFLAGS; LDFLAGS="-Wl,-O3 -Wl,--gc-sections -Wl,-z,relro,-z,now -Wl,--thinlto-jobs=1 -Wl,-plugin-opt,jobs=1 -Qunused-arguments"; }; diff --git a/scripts/update-version-pinning.sh b/scripts/bump.sh similarity index 100% rename from scripts/update-version-pinning.sh rename to scripts/bump.sh
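Review bot: The new `bump` recipe at the end of the `justfile` hunk passes `{{dpdk_sys_branch}}` to `./scripts/bump.sh` unquoted, and just substitutes the text before bash runs it, so a value containing spaces or shell metacharacters is split or interpreted instead of arriving as one argument; the value can originate from the `workflow_dispatch` input in `bump.yml`. `./scripts/bump.sh {{ quote(dpdk_sys_branch) }}` keeps it a single literal argument and matches the `{{ name }}` spacing this commit applies to every other recipe. The recipe also has no doc comment, unlike the other public recipes in the hunk; a line such as `# Refresh the pinned versions via ./scripts/bump.sh for the given branch` above `[script]` would give it a description in `just --list`.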
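Review bot: Release objects built with the new `-march=znver4` in `nix/flags.nix` may use any instruction-set extension Zen 4 provides rather than only the generic x86-64-v4 level the old flag named, so they can fault with an illegal instruction on hosts that meet x86-64-v4 but are not Zen 4 class. `-mtune=znver5` is only accepted by compilers recent enough to know that CPU name, so it is worth confirming the pinned LLVM does. If the narrower target is intended, a comment above `CFLAGS` such as `# release builds require a Zen 4 (znver4) or newer host` would record the decision for consumers of the sysroot. The enclosing attribute set continues outside the hunk.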